[Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers

Barry de Graaff info at barrydegraaff.tk
Tue Apr 17 12:45:10 CEST 2018 

I am with David on this, as long as the `releases` are as 
confusing as they are now, and there remains a need to do
stuff manually. Automatic upgrades do not make sense.

I have no longer a clue on what can be considered a
stable release, nor what the release schedule is. 
That is some basic info that I need for planning..

Security patches should come from a repo and should work
automatically. Version upgrades should be done manual. 
Like Debian. IMHO.


Maybe Zimbra could do a little more on the communication to
explain what they are trying to achieve with the repo atm?

Kind regards, 

Barry de Graaff
Zeta Alliance 
Co-founder & Developer
zetalliance.org | github.com/Zimbra-Community

+31 617 220 227 | skype: barrydegraaff.tk
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0



----- Original Message -----
From: "David Touitou" <david at network-studio.com>
To: "Lorenzo Milesi" <maxxer at yetopen.it>
Cc: "users" <users at lists.zetalliance.org>
Sent: Tuesday, April 17, 2018 12:24:30 PM
Subject: Re: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers

>> Look at the IMAP issue in 8.8.6 (bug #108414).
>> Do you seriously want your system to upgrade automatically to such a version?
> 
> We're talking about security updates, not version upgrades.

They have not released any "security updates" yet.

They release a mix of "security updates and bug fixes" through patches or new versions.
8.8.8-P1 is such a patch, it's a mix.

So let them first prove us they're able to release QA'ed security updates.
On time.
For all supported versions (*).

And we'll have the talk about "automatic upgrades".

David

(*) As you might guess, I'm thinking of 8.6.
It's supported but not patched against known vulnerabilities.
8.6's last patch was released _one_month_ after they knew about CVE-2018-6882.
It was done on purpose, they chosed not to provide a fix within previous patch.

I got a mail yesterday they eventually backported the fix but still don't know when they'll release it (next patch)

More information about the Users mailing list